RefreshMonitoringSign Up

Privacy Policy

Last Updated: May 25, 2026

On This Page

This Privacy Policy describes how Refresh Monitoring LLC, a Delaware limited liability company ("RefreshMonitoring," "we," "us," or "our"), collects, uses, shares, retains, and protects personal information when you access or use the RefreshMonitoring website, applications, and related services (collectively, the "Service"). This Privacy Policy is incorporated into our Terms of Service by reference. Capitalized terms used but not defined here have the meanings given in our Terms of Service.

RefreshMonitoring is a consumer credit monitoring service. To provide the Service, we and our service providers collect, process, and share sensitive personal information, including identity verification data, consumer credit report content, credit scores, and financial account information. We are committed to handling that information in accordance with the federal Fair Credit Reporting Act ("FCRA"), the federal Gramm-Leach-Bliley Act ("GLBA"), the California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act of 2020 (collectively, the "CCPA"), and other applicable federal and state privacy and financial-information laws.

Please read this Privacy Policy carefully. By creating an account, accessing the Service, or using any feature of the Service, you confirm that you have read and understood this Privacy Policy. If you do not agree with any aspect of this Privacy Policy, you must not access or use the Service.

1. Scope and Applicability

This Privacy Policy applies to personal information we collect about you when you:

  • Visit the RefreshMonitoring website at refreshmonitoring.com or any subdomain or successor site;
  • Register for, enroll in, access, or use the Service;
  • Communicate with our member support team by email, in-application messaging, text message, or other channels;
  • Interact with our marketing communications or our presence on third-party platforms;
  • Provide information to us at events, through surveys, or in any other interaction with us.

This Privacy Policy does not apply to personal information collected by:

  • Equifax, Experian, TransUnion, or any other consumer reporting agency, each of which maintains its own privacy practices that govern its handling of your consumer credit information;
  • The provider of the educational credit scoring model presented in the Service, which maintains its own privacy practices;
  • Any third-party website, application, or service that may be linked to or integrated with the Service, each of which maintains its own privacy practices.

The Service is intended for residents of the United States who are at least eighteen (18) years of age. The Service is not directed to, and we do not knowingly collect personal information from, children under the age of thirteen (13). See Section 13 (Children's Privacy).

2. Information We Collect

We collect the categories of personal information described in this Section 2. The specific information we collect depends on how you interact with the Service and on the features you use.

2.1 Identifiers and Contact Information

When you register for and use the Service, we collect identifiers and contact information that you provide directly, including:

  • Full name, including any prior names you have used;
  • Date of birth;
  • Current and former physical addresses;
  • Email address;
  • Telephone number;
  • Social Security number or other government-issued identification number;
  • Account username, password, and authentication credentials;
  • Unique device or persistent online identifiers, including cookie identifiers, IP address, and mobile advertising identifiers.

2.2 Identity Verification Information

To verify your identity and authorize the retrieval of your consumer credit information from the three nationwide consumer reporting agencies, we and our identity verification and credit data integration providers collect identity verification information, including:

  • Knowledge-based authentication responses, such as answers to multiple-choice questions derived from your credit file;
  • In some cases, a manual authentication code sent by mail to the address in your credit file;
  • Other identity attributes used to authenticate you with the consumer reporting agencies and to detect attempts to access information using another person's identity.

2.3 Consumer Credit Report Information

With your written authorization, we and our credit data integration provider retrieve your consumer credit reports and credit scores from Equifax, Experian, and TransUnion (collectively, the "three nationwide consumer reporting agencies"). The consumer credit report information we receive and process may include:

  • Tradeline information, including the identity of furnishers, account types, account numbers (full or partial), open and close dates, balances, credit limits, payment histories, and account statuses;
  • Public record information appearing on your credit file, including bankruptcies;
  • Collection account information;
  • Inquiry information, including the identity of entities that have requested your credit file and the dates of those inquiries;
  • Personal identifying information appearing on your credit file, including names, addresses, employment information, and Social Security number (full or partial);
  • Educational credit scores calculated using a credit scoring model based on data from each of the three nationwide consumer reporting agencies, together with score factors and related educational content.

Consumer credit report information is sensitive personal information under federal and state law. It is treated in accordance with the FCRA, the GLBA, and applicable state laws.

2.4 Payment Information

When you enroll in a paid subscription, our payment processor collects the payment information necessary to charge your selected payment method, including credit card, debit card, or other payment account details, billing name, billing address, and billing zip code. We do not store complete payment card numbers on our own systems. Our payment processor stores and processes payment information in accordance with the Payment Card Industry Data Security Standard and in accordance with its own privacy practices.

2.5 Communications and Support Information

When you communicate with us, including by email to support@refreshmonitoring.com or legal@refreshmonitoring.com, through in-application messaging, by telephone, by text message, or through any other channel, we collect the content of your communications and any information you choose to provide in those communications, including attachments, screenshots, identity verification responses, and account-related context.

2.6 Device and Technical Information

When you access the Service, we and our service providers automatically collect technical information about your device and the network you use to connect to the Service, including:

  • IP address and approximate geographic location derived from your IP address;
  • Device type, device identifiers, operating system, browser type and version, and language settings;
  • Screen resolution and other display characteristics;
  • Pages you visit on the Service, features you interact with, dates and times of access, and referring URLs;
  • Performance and diagnostic information, including crash reports and error logs.

2.7 Cookies and Similar Technologies

We and our service providers use cookies, pixels, tags, software development kits, local storage, and similar technologies (collectively, "Cookies") to operate the Service, to remember your settings and authenticate your session, to measure performance, to detect and prevent fraud, and, where permitted by applicable law and your settings, to support marketing. See Section 9 (Cookies and Tracking Technologies) for more detail.

2.8 Marketing and Preference Information

We may collect information about your communication preferences and your responses to marketing communications, including whether you opened or clicked on a marketing email, and information about how you interact with our presence on third-party platforms where you have engaged with our content. We do not condition access to the Service on your consent to receive marketing communications.

2.9 Information from Other Sources

We may also collect personal information about you from the following sources, in addition to from you directly:

  • Our credit data integration provider, which acts as our service provider to retrieve consumer credit reports and credit scores from the three nationwide consumer reporting agencies after you have authorized retrieval through the Service;
  • The three nationwide consumer reporting agencies, through our credit data integration provider, including your consumer credit reports, credit scores, and monitoring alerts;
  • Identity verification providers, which provide knowledge-based authentication, manual authentication, and other identity verification services;
  • Our payment processor, which provides information necessary to process payments and to address payment-related disputes;
  • Communications and analytics providers that help us deliver email, send text messages, measure Service performance, and detect fraud;
  • Other third parties from whom we receive information in accordance with applicable law, including for fraud prevention, security, and compliance with legal obligations.

3. How We Use Your Information

We use the personal information described in Section 2 for the following purposes.

3.1 Provide, Operate, and Maintain the Service

We use your information to register your account, to provide the features described in our Terms of Service, to deliver three-bureau credit reports and educational credit scores, to refresh your credit profile on a recurring basis, to monitor your credit profile and detect changes that may be of interest to you, to send credit alerts, to provide member support, and otherwise to operate the Service.

3.2 Verify Identity and Authorize Credit Pulls

We use your identity information to verify that you are who you claim to be and that the credit information at issue pertains to you and not to another person. By creating an account and enrolling in the Service, you provide written instructions in accordance with the federal Fair Credit Reporting Act, 15 U.S.C. Section 1681b(a)(2), authorizing RefreshMonitoring and its credit data integration provider to obtain your consumer credit reports and credit scores from the three nationwide consumer reporting agencies on a recurring basis for the duration of your active subscription.

3.3 Process Payments

We use your payment information, through our payment processor, to charge the subscription fees for your selected plan, to process refunds where applicable, to address chargebacks and payment disputes, and to detect and prevent payment fraud.

3.4 Communicate with You

We use your contact information to communicate with you about the Service, including to send transactional, account-related, security-related, identity-verification, billing, and operational communications; to respond to your support requests; and, where permitted by applicable law and your communication preferences, to send marketing communications about the Service.

3.5 Security, Fraud Prevention, and Compliance

We use your information to protect the security and integrity of the Service, to authenticate you, to detect and prevent unauthorized access, identity theft, credit fraud, payment fraud, and other unlawful activity, to enforce our Terms of Service, to comply with our legal obligations including those under the FCRA and the GLBA, to respond to lawful requests from government authorities, and to establish, exercise, or defend legal claims.

3.6 Service Improvement and Analytics

We use your information to understand how members use the Service, to measure and improve the performance, reliability, and security of the Service, to develop and improve features, to train fraud and security detection models, and to perform internal analytics. Where we use your information for these purposes, we use de-identified or aggregated information whenever reasonably practicable.

3.7 Marketing the Service

Subject to your communication preferences and applicable law, we use your contact information and engagement data to market the Service to you. You may opt out of marketing communications at any time, as described in Section 10 (Communications and Marketing Choices). We do not use sensitive personal information, including consumer credit report content or credit scores, to market the Service to you or to any third party.

3.8 Comply with Legal Obligations

We use your information to comply with applicable laws, regulations, and legal process, including those related to consumer reporting, financial information, identity verification, anti-money-laundering, taxation, electronic commerce, advertising, and consumer protection, and to respond to subpoenas, court orders, regulatory inquiries, and other lawful requests.

3.9 Business Transactions

We may use your information in connection with the evaluation, negotiation, or completion of a merger, acquisition, reorganization, financing, sale of all or substantially all of our assets, or other corporate transaction. Personal information may be transferred as part of any such transaction, subject to the requirements of applicable law and to the terms of this Privacy Policy at the time of transfer.

3.10 De-Identified and Aggregated Information

We may create and use de-identified or aggregated information that does not identify you for any lawful purpose, including for analytics, research, product development, benchmarking, and marketing materials. We maintain de-identified information in de-identified form and do not attempt to re-identify it, except as permitted by applicable law to test the effectiveness of our de-identification practices or as otherwise required by law.

4. GLBA Notice of Information Practices

RefreshMonitoring is a financial institution within the meaning of the federal Gramm-Leach-Bliley Act, 15 U.S.C. Section 6801 et seq., because we provide a financial product or service to consumers. This Section 4 is our GLBA Privacy Notice to you. The remainder of this Privacy Policy supplements this Section 4 with additional information.

4.1 Information We Collect

As described in Section 2, we collect the following categories of nonpublic personal information about you in connection with the Service:

  • Information you provide on enrollment forms and other registration materials, including name, address, date of birth, Social Security number, email address, and telephone number;
  • Information about your transactions with us, including your subscription plan, billing history, and payment method on file;
  • Information about your transactions with non-affiliated third parties, including consumer credit report content and credit scores received from the three nationwide consumer reporting agencies; and
  • Information from consumer reporting agencies, including consumer credit reports and credit scores.

4.2 Information We Disclose

We disclose nonpublic personal information about you only as described in this Privacy Policy. We may disclose nonpublic personal information to non-affiliated third parties only as permitted by law, including disclosures to our service providers performing services on our behalf, disclosures necessary to effect, administer, or enforce a transaction you authorize, disclosures with your consent, disclosures for fraud prevention and security, and disclosures required by law.

4.3 Confidentiality and Security

We maintain physical, electronic, and procedural safeguards designed to protect the confidentiality, integrity, and availability of nonpublic personal information, as described in Section 14 (Information Security). We restrict access to nonpublic personal information to those of our personnel and service providers who need access to provide the Service to you.

5. FCRA Notice and Your FCRA Rights

5.1 FCRA Written Instructions

By creating an account and enrolling in the Service, you provide "written instructions" in accordance with the federal Fair Credit Reporting Act, 15 U.S.C. Section 1681b(a)(2), authorizing RefreshMonitoring and its credit data integration provider to obtain your consumer credit reports and credit scores on a recurring basis from the three nationwide consumer reporting agencies for the duration of your active subscription, and to provide that information to you through the Service.

These written instructions authorize RefreshMonitoring and its credit data integration provider to access your credit profile, including your credit reports, credit scores, and related information, to verify your identity, to deliver the monitoring features of the Service, to send alerts about changes detected on your credit files, and to provide the other features described in our Terms of Service. These written instructions remain in effect for as long as you maintain an active subscription. You may revoke these written instructions at any time by cancelling your subscription, in which case retrieval of your consumer credit information will cease at the end of the then-current monthly billing period.

5.2 Your Rights to a Free Credit Report

You are entitled to one free copy of your credit report from each of the three nationwide consumer reporting agencies every twelve months. You can request these reports at AnnualCreditReport.com. You also have the right to a free credit report in certain other circumstances described in the FCRA, including where you have been denied credit, employment, insurance, or housing based on information in your credit report within the past sixty days, where you are unemployed and seeking employment within the next sixty days, where you are receiving public welfare assistance, or where you believe your file contains inaccurate information due to fraud or identity theft. The Service is a paid subscription and is not a substitute for the free annual credit report disclosure you are entitled to receive under the FCRA.

5.3 Your Right to Dispute Information in Your Credit File

Under the federal Fair Credit Reporting Act, 15 U.S.C. Section 1681 et seq., you have the right to dispute information in your credit file directly with the credit reporting agencies, at no cost. The credit reporting agencies must investigate disputes that consumers submit directly to them, generally within thirty days. The Service is a monitoring and informational tool. The Service does not submit disputes on your behalf and is not a substitute for the dispute process administered by the credit reporting agencies. Contact information for each of the three nationwide consumer reporting agencies is available on each agency's website.

5.4 Educational Credit Scores

The credit scores presented in the Service are calculated using an educational credit scoring model and are provided for informational and educational purposes only. The credit scores you receive from the Service may not be the same scores used by lenders, insurers, employers, landlords, or other commercial users for credit, insurance, employment, or other decisions. The credit scores in the Service are not used by any lender or other commercial user in connection with any decision about you.

5.5 Your Rights to a Security Freeze and Fraud Alert

You have the right to place a security freeze or fraud alert on your credit file. Security freezes are free and must be honored by each of the three nationwide consumer reporting agencies. You can request a security freeze or fraud alert by contacting each credit reporting agency directly. RefreshMonitoring does not place security freezes or fraud alerts on your behalf.

5.6 Complaints

If you believe your rights under the FCRA have been violated, you can file a complaint with the Consumer Financial Protection Bureau at consumerfinance.gov, with the Federal Trade Commission at ftc.gov, or with your state attorney general's office.

6. How We Share Your Information

We share personal information about you only as described in this Privacy Policy. We do not sell your personal information in exchange for monetary consideration. We do not share your sensitive personal information, including consumer credit report content or credit scores, for cross-context behavioral advertising or for targeted advertising.

6.1 Service Providers

We share personal information with service providers and subprocessors that perform services on our behalf and that are contractually limited to using the information only to provide those services to us. Our service providers include, without limitation:

  • Hosting, cloud infrastructure, and content delivery providers;
  • Our credit data integration provider, which retrieves consumer credit reports and credit scores from the three nationwide consumer reporting agencies on our behalf and on yours;
  • Identity verification providers, which provide knowledge-based authentication, manual authentication, and related identity verification services;
  • Payment processors, which process subscription payments and other charges in accordance with their own terms and privacy practices;
  • Email, text message, push notification, and other communications providers;
  • Analytics, performance monitoring, error logging, and security providers;
  • Customer support and ticketing platforms;
  • Fraud detection and security service providers; and
  • Professional advisors, including outside legal counsel, accountants, and auditors.

6.2 Consumer Reporting Agencies and Credit Scoring Model Provider

To deliver the Service, we share identity and verification information with Equifax Information Services, LLC, Experian Information Solutions, Inc., and TransUnion LLC, through our credit data integration provider, in order to authenticate you, to retrieve your consumer credit reports and credit scores on a recurring basis, and to enroll you in monitoring at each agency. We also share information with the credit scoring model provider, through our credit data integration provider, as necessary to calculate the educational credit scores presented in the Service. Each of these third parties handles your information in accordance with its own terms and privacy practices.

6.3 Legal Compliance and Protection of Rights

We may share personal information about you to comply with applicable law, regulation, legal process, or governmental request; to respond to subpoenas, court orders, search warrants, or other lawful demands; to cooperate with law enforcement, regulators, and other government authorities; to enforce our Terms of Service or other agreements; to detect, prevent, or address fraud, security, or technical issues; to protect the rights, property, or safety of RefreshMonitoring, our members, or others; and to establish, exercise, or defend legal claims.

6.4 Business Transactions

We may share or transfer personal information in connection with the evaluation, negotiation, or completion of a merger, acquisition, reorganization, financing, dissolution, bankruptcy, receivership, sale of all or substantially all of our assets, or other corporate transaction. In any such transaction, personal information may be transferred as one of the transferred assets, subject to applicable law.

6.5 With Your Direction or Consent

We may share personal information about you with third parties at your direction or with your consent. Where we share information based on your direction or consent, we will rely on the direction or consent you provided and will not be responsible for any third party's use of the information after we have shared it.

6.6 De-Identified and Aggregated Information

We may share de-identified or aggregated information that does not identify you for any lawful purpose, including with third parties for research, analytics, benchmarking, marketing materials, and other purposes.

7. No Sale of Personal Information; No Sharing for Cross-Context Behavioral Advertising

RefreshMonitoring does not sell your personal information in exchange for monetary consideration, and we do not share your personal information for cross-context behavioral advertising as those terms are used in the California Consumer Privacy Act, the Virginia Consumer Data Protection Act, the Colorado Privacy Act, and other applicable state privacy laws. We do not allow third-party advertising networks to track you across non-affiliated websites or applications for the purpose of serving you targeted advertising based on your activity on the Service. We do not engage in profiling that produces legal or similarly significant effects concerning you. Some state privacy laws use broader definitions of "sale" and "share" that may include certain disclosures to service providers or analytics providers; the disclosures we make to those providers are subject to contractual limitations that we believe satisfy the service-provider or processor exceptions under each applicable law.

8. Sensitive Personal Information

Several categories of personal information we collect are "sensitive personal information" under the CCPA and analogous state privacy laws. The sensitive personal information we collect includes:

  • Social Security number and other government-issued identification numbers;
  • Account log-in credentials, including username and password;
  • Financial account information used for billing;
  • Consumer credit report content retrieved from the three nationwide consumer reporting agencies; and
  • Other information that may be considered sensitive personal information under applicable state law.

We use and disclose sensitive personal information only for purposes that are reasonably necessary to provide the Service that you have requested, to verify and maintain the quality and safety of the Service, to detect security incidents, to resist and prosecute malicious or fraudulent actions, to comply with our legal obligations, and for the other limited purposes permitted by Section 7027 of the California Code of Regulations and analogous provisions of other state privacy laws. We do not use sensitive personal information for the purpose of inferring characteristics about you, for advertising or marketing of any kind, or for any other purpose that would entitle California consumers to exercise the right to limit the use of sensitive personal information under the CCPA.

Because we limit our use of sensitive personal information to purposes permitted under Section 7027 of the California Code of Regulations and analogous provisions of other state privacy laws, California consumers and consumers in other states with analogous laws are not entitled to exercise the right to limit the use of sensitive personal information with respect to RefreshMonitoring.

9. Cookies and Tracking Technologies

9.1 What We Use

We and our service providers use the following categories of Cookies on the Service:

  • Strictly necessary Cookies, which are required for the Service to function, including for authentication, session management, security, and fraud prevention. You cannot opt out of strictly necessary Cookies through the Service. You may block them at the browser level, but doing so may prevent you from using parts of the Service.
  • Functional Cookies, which support optional features, such as remembering your preferences and language settings.
  • Analytics and performance Cookies, which help us understand how members use the Service so we can measure and improve performance, reliability, and security.
  • Marketing Cookies, used only on our marketing pages and only as permitted by applicable law and your settings, to support our marketing of the Service.

9.2 Your Choices

Most browsers allow you to manage Cookies through browser settings, including by blocking, deleting, or restricting Cookies. Mobile operating systems offer device settings that allow you to manage mobile advertising identifiers. Some browsers and browser extensions offer features that signal your preference not to be tracked, including the Global Privacy Control. RefreshMonitoring honors Global Privacy Control signals for the categories of personal information and purposes for which honoring the signal is required by applicable law. Blocking or restricting Cookies may affect your experience of the Service.

9.3 Do Not Track

Some browsers transmit "Do Not Track" signals. There is no widely accepted standard for responding to those signals. We do not respond to Do Not Track signals other than to the extent we respond to Global Privacy Control signals as described in Section 9.2.

10. Communications and Marketing Choices

10.1 Service Communications

If you provide your email address or telephone number, you may receive transactional, account-related, security-related, identity-verification, billing, credit-alert, and other operational communications from us. These communications are part of the Service and are not promotional. You cannot opt out of these communications while maintaining an active account. If you do not want to receive these communications, you must cancel your subscription as described in our Terms of Service.

10.2 Marketing Email

You may opt out of marketing email at any time by following the unsubscribe instructions in any marketing email, by adjusting your communication preferences in your account settings, or by contacting legal@refreshmonitoring.com. Opting out of marketing email does not stop transactional, account, security, or service communications.

10.3 Text Messages

If you provide your telephone number, you may receive transactional, account-related, security-related, identity-verification, billing, credit-alert, and other operational text messages, including messages delivered using automatic telephone dialing systems or prerecorded voice. By providing your telephone number for these purposes, you provide your prior express consent under the federal Telephone Consumer Protection Act, 47 U.S.C. Section 227, to receive these transactional and informational text messages.

Marketing text messages, including any text messages marketing the Service, are sent only based on your separate, prior express written consent captured outside of these communications through an opt-in mechanism that satisfies the higher consent standard required under the federal Telephone Consumer Protection Act and applicable state law. Your separate consent (or the absence of it) controls regardless of any general authorization in our Terms of Service or in this Privacy Policy. Your consent to marketing text messages is not a condition of purchase or of receiving the Service.

Message and data rates may apply. Message frequency varies based on your account activity. You may opt out of any text message at any time by replying STOP, QUIT, CANCEL, UNSUBSCRIBE, or END to the message. You may request help by replying HELP. After opting out, you may receive a confirmation message, after which we will cease sending text messages of the type you opted out of. If you opt out of all text messages, we may be unable to deliver certain account, security, or credit-alert notifications by text, and will use email or in-application notifications instead.

10.4 Telephone Calls

If you provide your telephone number, you may receive transactional and informational telephone calls from us or our service providers in connection with the Service, including calls related to identity verification, account security, billing, and member support.

10.5 Push Notifications

If you use a mobile or desktop application that supports push notifications, you may receive push notifications. You may manage push notification settings through your device settings.

11. Your Privacy Rights

Depending on your state of residence and the nature of the personal information at issue, you may have one or more of the rights described in this Section 11 with respect to your personal information. Some of these rights are subject to exceptions, including for personal information governed by the FCRA, the GLBA, or other federal financial-information laws, for personal information necessary to perform a contract with you, and for personal information that we are required to retain to comply with our legal obligations.

11.1 Categories of Rights

Subject to applicable law and to the exceptions described in this Section 11, you may have the right to:

  • Confirm whether we process personal information about you and obtain a copy of, or access to, that personal information;
  • Correct inaccurate personal information that we maintain about you;
  • Delete personal information that we maintain about you, subject to retention obligations described in this Privacy Policy and in our Terms of Service and subject to the exceptions provided by applicable law;
  • Receive personal information that you have provided to us in a portable format;
  • Opt out of certain uses or disclosures of personal information, including the sale of personal information, the sharing of personal information for cross-context behavioral advertising, and certain types of profiling;
  • Limit the use or disclosure of sensitive personal information (subject to Section 8);
  • Withdraw your consent to processing that is based on your consent;
  • Designate an authorized agent to exercise your rights on your behalf, subject to verification of the agent's authority and your identity; and
  • Appeal a denial of a privacy rights request, where required by applicable state law.

11.2 Important Limitations

Personal information that we process about you in connection with delivery of the Service is, in significant part, governed by the federal Fair Credit Reporting Act and the federal Gramm-Leach-Bliley Act. Most state consumer privacy laws, including the CCPA, exempt personal information collected, processed, sold, or disclosed pursuant to the FCRA and personal information collected pursuant to the GLBA. As a result, your rights to access, correct, delete, port, or restrict processing of consumer credit report content, identity verification data, and certain financial information may be limited or unavailable under state privacy law. You retain your rights under federal law, including the right to dispute information in your credit file directly with the credit reporting agencies as described in Section 5.3.

11.3 How to Exercise Your Rights

You may submit a privacy rights request by emailing legal@refreshmonitoring.com from the email address associated with your account. If you do not have an account, you may submit a request from any email address. We will respond to verified requests within the time required by applicable law. We will take reasonable steps to verify your identity before responding to a request, which may require you to provide additional information.

We do not discriminate against you for exercising your privacy rights. We will not deny you the Service, charge you a different price, or provide you with a lower quality of the Service because you exercised a privacy right. If we deny your request in whole or in part, you may have the right to appeal that decision by replying to our denial or by contacting legal@refreshmonitoring.com with the subject line "Privacy Rights Appeal."

11.4 Authorized Agents

You may designate an authorized agent to exercise your privacy rights on your behalf. Where required by applicable law, we will require evidence of the agent's authority, including a written and signed permission from you, and we will require independent verification of your identity directly with you.

11.5 California Residents

If you are a California resident, the CCPA gives you additional rights with respect to certain categories of personal information about you. The categories of personal information we have collected about California residents during the twelve months preceding the date of this Privacy Policy, the sources from which those categories of personal information were collected, the business or commercial purposes for which those categories of personal information were collected, and the categories of third parties to whom those categories of personal information were disclosed are described in Sections 2, 3, and 6 of this Privacy Policy. The categories of sensitive personal information we have collected are described in Section 8 of this Privacy Policy.

RefreshMonitoring does not sell personal information for monetary consideration and does not share personal information for cross-context behavioral advertising as those terms are used under the CCPA. RefreshMonitoring does not knowingly sell or share for cross-context behavioral advertising the personal information of consumers under the age of sixteen (16).

California's "Shine the Light" law, California Civil Code Section 1798.83, permits California residents to request information regarding the disclosure of personal information to third parties for the third parties' direct marketing purposes during the immediately preceding calendar year. RefreshMonitoring does not disclose personal information to third parties for the third parties' direct marketing purposes. You may request confirmation of this practice by emailing legal@refreshmonitoring.com with the subject line "Shine the Light Request."

11.6 Virginia, Colorado, Connecticut, Utah, and Other State Residents

If you are a resident of Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Iowa, Tennessee, Indiana, Delaware, New Hampshire, New Jersey, Maryland, Minnesota, Rhode Island, or any other state that has enacted a comprehensive consumer privacy law, you have the rights granted by your state's law, subject to the FCRA and GLBA exemptions described in Section 11.2 and to other applicable exceptions. To exercise your rights, contact us as described in Section 11.3.

11.7 Nevada Residents

If you are a Nevada resident, you have the right to direct us not to sell certain personal information that we have collected or will collect about you. We do not sell personal information as the term "sale" is defined under Nevada Revised Statutes Chapter 603A. You may submit a verified request to opt out of the sale of personal information by emailing legal@refreshmonitoring.com with the subject line "Nevada Opt-Out Request."

12. United States Operations

The Service is intended only for residents of the United States. Personal information collected through the Service is processed and stored in the United States. We do not knowingly market the Service to consumers outside the United States. By accessing or using the Service, you acknowledge that personal information about you will be processed and stored in the United States and that the United States may have data protection laws that differ from those of your country of residence if you are outside the United States.

13. Children's Privacy

The Service is not directed to children under the age of thirteen (13). We do not knowingly collect personal information from children under the age of thirteen (13) in violation of the federal Children's Online Privacy Protection Act, 15 U.S.C. Section 6501 et seq., or any applicable state child-privacy law. The Service is also not directed to minors under the age of eighteen (18), and our Terms of Service require members to be at least eighteen (18) years old. If you believe that we have inadvertently collected personal information from a child under the age of thirteen (13) or from a minor under the age of eighteen (18), please contact us at legal@refreshmonitoring.com so that we can delete that information.

14. Information Security

We maintain administrative, technical, and physical safeguards designed to protect the confidentiality, integrity, and availability of personal information against unauthorized access, use, disclosure, alteration, or destruction. Our safeguards include encryption of personal information in transit using industry-standard transport layer security and encryption of sensitive personal information at rest, role-based access controls, audit logging, multi-factor authentication for administrative access, vulnerability management, security incident response procedures, and contractual requirements imposed on our service providers.

No security measure is perfect, and we cannot guarantee the security of personal information against all threats. You are responsible for safeguarding your account credentials and for promptly notifying us at legal@refreshmonitoring.com of any unauthorized use of your account or any actual or suspected security breach involving your account. Where required by applicable law, we will notify you and any required regulator of a security breach that affects your personal information.

15. Data Retention

We retain personal information about you for as long as your account is active and for such additional period as we believe necessary or appropriate to provide the Service, to comply with our legal obligations, to resolve disputes, to enforce our agreements, to maintain security, and for the other purposes described in this Privacy Policy. The specific retention period for any particular category of personal information depends on the nature of the information, the purposes for which it was collected, our legal obligations, and our legitimate business interests.

When personal information is no longer needed for the purposes for which it was collected and we are not otherwise required to retain it, we will delete it or de-identify it. Information that we have de-identified or aggregated in accordance with applicable law is no longer personal information and is not subject to the retention principles in this Section 15.

For information about how the three nationwide consumer reporting agencies retain consumer credit report content, please refer to the privacy practices of each agency.

16. Third-Party Services and Links

The Service may contain links to third-party websites, applications, or services that we do not operate. Those third parties operate independently of RefreshMonitoring and have their own privacy practices. We are not responsible for the privacy practices of any third party. We encourage you to review the privacy policies of any third-party website, application, or service before providing personal information to it. Information collected by third parties through their websites, applications, or services is not subject to this Privacy Policy.

17. Notices for Members Affected by Specific Events

17.1 Identity Theft and Fraud

If you believe that your personal information has been compromised through the Service, that someone has accessed the Service using your credentials without your authorization, or that you have been the victim of identity theft, please contact us promptly at legal@refreshmonitoring.com. You should also take the steps described at IdentityTheft.gov, including placing a fraud alert or security freeze on your credit file with each of the three nationwide consumer reporting agencies.

17.2 Security Incident Notifications

Where required by applicable law, we will notify you of a security breach involving your personal information within the time period required by law and using the contact information associated with your account. We may also be required to notify federal and state regulators, consumer reporting agencies, and other parties.

18. Changes to This Privacy Policy

We may modify this Privacy Policy from time to time to reflect changes in our practices, in technology, in legal or regulatory requirements, or in our Service. When we make a material change, we will provide reasonable advance notice by posting the revised Privacy Policy on the Service, updating the "Last Updated" date, and, where appropriate, by sending notice to the email address associated with your account. Material changes will take effect on the date stated in the notice, which will be at least the minimum period required by applicable law. Your continued access to or use of the Service after the effective date of a revised Privacy Policy constitutes your acceptance of the revised Privacy Policy. If you do not agree to the revised Privacy Policy, your sole and exclusive remedy is to stop using the Service and cancel your subscription as described in our Terms of Service.

19. Relationship to Our Terms of Service

This Privacy Policy supplements our Terms of Service. In the event of any conflict between this Privacy Policy and our Terms of Service with respect to a matter governed by both, this Privacy Policy controls with respect to the collection, use, sharing, retention, and security of personal information, and our Terms of Service controls with respect to all other matters.

20. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

By email: legal@refreshmonitoring.com

By mail:

Refresh Monitoring LLC Attn: Legal - Privacy 8 The Green, Suite A Dover, DE 19901

For member support, including questions about your subscription, billing, or cancellation, please contact support@refreshmonitoring.com.

We will respond to your inquiry within the time required by applicable law.

© 2026 Refresh Monitoring LLC. All Rights Reserved.