RECIPE INTO REALITY, INC. DBA CHICORY 

Product Privacy Policy

Last updated on June 21, 2023 (“Effective Date”)

Recipe Into Reality, Inc. DBA Chicory (“Company”, “we”, “our”, or “Chicory”) understands that privacy is important to you, and this Chicory Product Privacy Policy (“Product Privacy Policy”) shows our commitment to privacy. This Product Privacy Policy provides information about how we collect, use and disclose information through the suite of software products and services we provide (the “Chicory Product” or “Product”). If you’re looking for information about our corporate website and related activities (the “Site”), please click here: 

Please note that our privacy practices are subject to the applicable laws of the regions in which we operate. Accordingly, some additional region-specific terms will only apply to consumers located in those geographic regions, or as required by applicable law.

TABLE OF CONTENTS:

• BACKGROUND INFORMATION

• WHAT IS THE CHICORY PRODUCT?

• WHAT PERSONAL INFORMATION DO WE COLLECT AND USE?

• HOW DO WE COLLECT PERSONAL INFORMATION?

• HOW DO WE USE YOUR PERSONAL INFORMATION?

• SHARING OF YOUR PERSONAL INFORMATION?

• HOW IS THE INFORMATION STORED AND HOW LONG IS IT KEPT?

• YOUR CHOICES

• YOUR RIGHTS

• YOUR CALIFORNIA PRIVACY RIGHTS

• YOUR NEVADA PRIVACY RIGHTS

• YOUR ADDITIONAL STATE PRIVACY RIGHTS

• TRANSMISSION OF INFORMATION TO OTHER COUNTRIES

• CHILDREN’S PRIVACY

• SECURITY

• CONTACTING US

• CHANGES TO THIS POLICY

• GLOSSARY

There are three main categories of users of the Chicory Product: (1) content publishers (“Publishers”) who are typically the owners or operators of a food/cuisine related website, websites, or other content portals with the Chicory Product enabled and made available therein and thereon  (each a "Publisher Media Property"); (2) advertisers who are promoting food/cuisine related brands, products, services, locations and other items either on their own behalf or the behalf of others (We collectively refer to both Publishers and advertisers as “clients” and we collectively refer to any and all data, content, and materials derived from or provided by Publishers and advertisers, as may be supplemented by us via the Chicory Product, as “Platform Data”), and (3) parties that view, access, interact with and/or use Chicory Product including to engage with the Publisher Media Property (an "users" or “you”). Chicory analyzes websites and apps in order to gain contextual insights from Publisher Media Properties and consumer purchase intent in and around food and related products and then uses those insights to enhance the user’s experience when interacting with a Publisher Media Property. The Product also provides a number of other advertising and marketing related features and functions, as described below. Additionally, Chicory connects Publisher Media Properties and/or Publishers with ecommerce retailers through the Chicory Product (and the Chicory Product may allow user interaction with the Chicory Product by and through widgets and buttons installed directly on a Publisher Media Property).

Our goal is to be transparent about our business by describing our technology in simple terms so that users can understand our practices. To help you further understand the technologies discussed in this Product Privacy Policy, we’ve included a Glossary below. 

We know that this is complicated, so if you have any questions about this information, please contact us here.  

Please note that this Product Privacy Policy does not govern the collection, use, and disclosure of information by our clients through their Publisher Media Properties, which is governed by their own privacy policies and practices.

The Chicory Product can be broken up into subparts, some of which are described in our Terms (“Product Features”) that may be employed by a Publisher individually or in combination with one another:

In order to function property, the Product engages in a variety of digital advertising techniques, a number of which are further discussed in our Glossary, including interest-based advertising (also known as “IBA,” “cross context behavioral advertising,” or “targeted advertising”), real-time bidding (or programmatic) advertising, contextual advertising (showing ads to you based on the content you are viewing), and location-based advertising. Other key terms related to certain key technologies used within programmatic advertising, like ID syncing, cookies, beacons, non-cookie technology, and ad servers, are also defined within the Glossary. 

The Product is operated by Recipe Into Reality, Inc. DBA Chicory.

The Chicory Product is designed to collect and use data as described herein. The Product allows us to collect and use Platform Data, and in many cases we do so on behalf of our clients. The Product ingests information provided by third-party sources to allow Company (on behalf of clients) to use such data to target ads. To do this, clients and data providers may use ID syncing to enable the use of this information through the Platform. Chicory does not collect, use, or allow its clients to transfer to or use on the Platform, data that, by itself, directly identifies an individual, such as name, address, phone number, email address, or government identifier. Unless otherwise noted in this Product Privacy Policy, we also prohibit certain categories of sensitive data from being collected, used, or transferred through the Chicory Product.

When you visit a Publisher Media Property that uses, or when you otherwise interact, with the Chicory Product, we may collect information about you and your device. While this information does not enable us to directly identify you or other users (we do not know your name or contact information), that information may be considered “personal data” or “personal information” under applicable privacy laws. When we refer to “personal information” and “personal data” throughout this Product Privacy Policy, we intend for those references to include all information encompassed by the relevant privacy laws, where those laws apply. 

We collect identifiers that help recognize particular mobile devices, computers, or connected devices without identifying the device’s user, including IP addresses, cookie identifiers, device identifiers, or other identifiers, along with other information about devices. We also collect information about webpages or apps in which users view content, along with other data made available to us by Publishers. That data helps our partners deliver appropriate advertisements to consumers.

Specifically, the information we collect and/or receive may include: 

• Information about users and their behavior on Publisher Media Properties, or other properties on which our Product may function, or on which our or our clients’ ads, product-related links, or other content or technology may appear or be placed, including domain name, referring website addresses, date and time of visits, viewability data (e.g., information about ads served, viewed, or clicked on, including the type of ad, where the ad was served, and whether you visited the advertiser’s website or downloaded the advertiser’s app), keyword searches, visitor activities, exit pages, platform type, video titles, video player size, and imprecise location information;

• Information about your browser, including browser type, version, language, and history;

• Information about your internet service provider, including which you use; 

• Information collected when and where we serve ads;

• Click and engagement data;

• Aggregated or de-identified data from our clients that impacts the serving of advertisements, but we do not determine your actual identity from such aggregated or de-identified data. Such aggregated or de-identified data may include encrypted or hashed forms of personal information, such as an email address. 

• Imprecise geolocation information if a Publisher Media Property shares it with us.  In some cases we may also derive imprecise geolocation information based on your IP address. Although we do not currently derive or collect precise geolocation information from an IP address or otherwise, we reserve the right to do so in the future.

• Information from third parties that provide user demographic information or information about user preferences, patterns, click and video interactions, or behaviors or interest information.

• Information from advertisers or advertising platforms that is used to match open advertising inventory owned by Publishers with the right advertisements.

• We or our clients and partners may also collect and store inferences about user activity using our Platform.

The Product uses cookies, pixels, beacons, tags, SDKs, and some non-cookie technologies to collect and store Platform Data about web browsers and devices across web sites and apps and over time.  

• Cookies help match open advertising inventory owned by publishers with the right advertisements. We may perform ID syncing between publisher cookies, Chicory cookies, third party data provider cookies, and/or advertiser cookies. 

• We may use other technologies, including non-cookie technology, to collect information to assist in ad delivery, provide reporting, or measure user interactions with ads.

• We may work with third party platforms, including advertising platforms that collect information to allow us and our clients and partners to deliver targeted advertisements. For example, third party advertising companies use information about your visits to websites or applications across devices to provide you with ads that are likely associated with you. Those advertisers may use this data in combination with information we collect about users to deliver targeted ads across devices. Publishers may use that combination of data to offer audience segments, or groupings of audiences, on Publisher Media Properties as ad inventory for purchase. 

For more details regarding Platform Data and some of the technologies used by the Product, please see our Glossary.

Information Our Clients, Partners, and Vendors Collect

Our clients, partners, vendors, and our client’s vendors who use our technology may use their own tags, pixels, cookies, or other technology or third party technology within ads and on websites. Chicory is not responsible for the use of such tracking technologies or for their privacy practices. 

Chicory uses the Platform Data to provide, operate, manage, maintain, and enhance the Product. The Product enables Chicory's clients to take advantage of the Product Features and other product functionality. Chicory staff also give "hands-on" help to clients and often provide a “managed service”, for example by configuring and sometimes executing advertising campaigns for clients to best meet their objectives. Chicory, on behalf of itself or its clients and/or partners, may also use information we collect for the following business and commercial purposes, some of which are “business purposes” under the California Consumer Privacy Laws (as defined below).

• To enable ourselves, our clients and our partners to buy and sell ads, including through Interest-based advertising, also known as “IBA” or “cross-context behavioral advertising,” or to enable other advertising and marketing services (You can opt out of interest-based advertising through the Chicory Product by clicking here).

• Limiting the number of times a user sees a particular ad

• Showing ads in a particular sequence; 

• Customizing ads to a particular location;

• Showing ads related to the content of the web page on which they are shown;

• Determining how users respond to ads;

• Reporting aggregated statistics regarding, for example, the effectiveness of online advertising campaigns; 

• Compiling, analyzing, and reporting other statistics about the transactions occurring through our Platform; 

• Conducting research and development for our own or our clients’ internal business purposes, such as analyzing campaign forecasts and conducting machine learning to help our clients improve their sales of ad space and delivery of ads to you;

• The Product may use Platform Data in order to serve or measure advertising on related devices on behalf of our clients; 

• To create or enhance user data and create data products and audience segments; 

• To conduct internal research and auditing activities, including for technological development and demonstration, and as necessary to ensure the proper functioning of the Platform; 

• Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity;

• Debugging to identify and repair errors that impair existing intended functionality;

• For short-term transient use, including as a permitted business purpose under the California Consumer Privacy Laws, as defined below;

• To perform services on behalf of our Clients or partners;

• Undertaking activities to verify or maintain the quality or safety of the services or devices owned, manufactured, manufactured for, or controlled by us, and to improve, upgrade, or enhance the services or devices owned, manufactured, manufactured for, or controlled by us;

• Complying with applicable laws, regulations, rules and requests of relevant law enforcement and/or other governmental agencies, or for other purposes, as permitted or required by law; 

• To enable cross-device mapping and/or ID syncing in order to serve or measure advertising on related devices on behalf of our clients and partners; and

• As necessary or appropriate to protect the rights, property, and safety of our users, us, and other third parties.

Some uses of data may constitute the sale or sharing of personal information under the California Consumer Privacy laws, including: 

• Delivering targeted advertising to users and for certain measurement and analytics purposes;

• Creating certain kinds of audience segments as advertising opportunities.

Chicory may disclose information collected as follows: 

• Clients have access to certain Platform Data for their own use. 

• Chicory may provide Platform Data to partners and service providers for the purpose of operating, managing, maintaining, or enhancing Chicory’s Product and services, including providing ad targeting services, for the safety and security of the Product and the online industry, as required or permitted by law, or for other commercial or business purposes described in the section above.

• We may share information, including Platform Data, with clients (including vendors acting on their or our behalf) and/or other partners to help clients make buying/selling decisions on Publisher’s Publisher Media Properties. Clients may use this information in combination with other information to provide users with targeted advertising. 

• We may share information in connection with an actual or proposed sale or transfer of all or a part of our business or assets, corporate merger, consolidation, or bankruptcy.

• We may share information with law enforcement, regulatory authorities, courts with competent jurisdictions, emergency services, or other necessary third parties for legal, protection, security, and safety purposes, including: to comply with laws or regulations and respond to lawful requests or legal process; to protect Chicory’s rights and property or the rights or property of our agents, affiliates, clients, or partners; to enforce our agreements, policies, and terms of use; and/or to protect the safety of our employees, agents, customers, or third parties. 

• We may share information with vendors or service providers who provide services on our or our clients’ behalf and require access to such information to do so. Examples include: analyzing data, hosting or providing data, auditing, or providing technical support.

• We may share information with our partners to enable those partners to provide services to us or our clients, or to use the data for their own purposes. 

• We may also share aggregated data.

Platform Data is stored using generally accepted security standards, and is retained as long as reasonably necessary for the business and commercial purposes noted above.

There are many ways to opt out of receiving targeted advertising that we may facilitate using our Product or other technology. Different devices use different technologies and identifiers, so users must separately opt out from each browser and device. Once you opt out of our targeted advertising, your personal information will no longer be processed for targeted advertising on that device or browser.

• Website Display 

If you do not want information about websites you visit to deliver targeted ads to you, you may opt out by clicking here.

We comply with opt-out requests by placing an "opt-out cookie" on your computer or device. Consequently, if you clear your Cookies on that computer or device, we will not be able to read our "opt-out cookie" and may resume collecting information from that computer or device for purposes of retargeting. Similarly, an opt-out request will not be effective on other browsers, computers, or devices you may use if you have not opted out while using that browser, computer, or device.

Please note Cookies are browser and device specific, so you must opt out on all of the browsers (e.g. Chrome, Safari) and devices (e.g. laptop, smartphones) you use.

Additionally, you can use the following mechanisms to opt out of targeted advertising: 

• Chicory is a member of the Digital Advertising Alliance (“DAA”) and adheres to the DAA Self-Regulatory Principles. Accordingly, you can opt out of targeted advertising by companies adhering to the DAA Self-Regulatory Principles, including Chicory, by visiting the DAA’s opt out page found at http://www.aboutads.info/choices/. 

Note that you will still see ads on your devices and webpages after you opt out, but those ads may be less relevant to you. Website display opt outs operate by placing a cookie on your device that is unique to the browser and device used to opt out. Those cookies may not function properly if your browser is configured to reject certain cookies. If you change browsers or your device, or delete the cookies on your device, you will need to opt out again.

• Mobile Apps and Location Data

Your mobile device may give you the ability to opt out of the use of information regarding the apps that you use for targeted advertising. You may opt out of the collection of location information by specific apps or from your entire device at any time by changing your preferences on your mobile device. Note that when location services have not been enabled in your apps, we may infer data about your location based on your IP address. For more information regarding your preferences and options, please see the link found here http://www.networkadvertising.org/mobile-choice and in the Cookies, Tracking, and Interest-Based Advertising section below.

• Cookies, Tracking, and Interest-Based / Targeted Advertising

In addition to the opt-out tools noted above, if you would like to stop or restrict the placement of cookies or flush any cookies that may already be on your computer or device, please refer to and adjust your web browser preferences. Further information on cookies is available at www.allaboutcookies.org. By deleting our cookies or disabling future cookies, you may not be able to access certain areas or features of our Product or some of its functionality may be affected. 

For clarity, cookie-based opt-outs must be performed on each device and browser that you wish to have opted out. For example, if you have opted out on your computer browser, that opt-out will not be effective on your mobile device. Additionally, if you opt out on one of your devices, that opt out may not be effective on all of your devices. You must separately opt out on each device. 

Please note that cookie-based opt-outs are not effective on some mobile services. Users may opt out of certain advertisements on mobile applications or reset advertising identifiers via their device settings.  To learn how to limit ad tracking or to reset the advertising identifier on your iOS and Android device, click on the following links: 

iOS - https://support.apple.com/en-us/HT202074

Android - https://support.google.com/ads/answer/2662922?hl=en

You may also download and set your preferences on the DAA’s App Choices mobile application(s) available in Google Play or the Apple App stores.

• Do Not Track

    Some browsers have a “do not track” (also known as DNT) feature that lets you tell websites that you do not want to have your online activities tracked. Please note that, unless required by law, we do not respond to or honor DNT signals or similar mechanisms transmitted by web browsers. However, under the California Consumer Privacy Laws, as defined below, we rely on our Publishers to read and respect Global Privacy Control (“GPC”) signals for California consumers as an opt-out of the sale or sharing of personal information under the California Consumer Privacy Laws, as defined below, where the users’ web browsers support this signal and where the GPC signal remains present and readable.

These additional state privacy right disclosures provide additional information about our personal information processing practices relating to individual residents of the applicable states. Unless otherwise expressly stated, all defined terms in this Product Privacy Policy retain the same meaning in the disclosures below. The rights, to the extent those rights are applicable set forth below are granted only to the extent they apply and are enforceable in an applicable state.

These provisions apply only to California consumers and supplement this Product Privacy Policy. The California Consumer Privacy Act of 2018 (“CCPA”) and the California Privacy Rights Act of 2020 (“CPRA”), collectively referred to as “California Consumer Privacy Laws,” provide California consumers with specific rights regarding their personal information. This California Privacy Rights section describes your rights under the California Consumer Privacy Laws, explains how you may exercise your rights, and provides an overview on the types of personal information we collect.

California Consumer Privacy Laws provide you with the following rights:

• Right to know. You have the right to know what categories and specific pieces of personal information we collect about you, the sources from which we collect personal information, our business or commercial purpose for the collection, use, and sharing of your personal information, and any categories of third parties to whom we sell or with whom we share your personal information.  

• Right to data portability. You have the right to request a copy of personal information we have collected and maintained about you in the past 12 months. California Consumer Privacy Laws allow you to request your information from us up to twice during a twelve (12) month period.  We will provide our response in a readily usable format, which is usually electronic.

• Right to delete. You have the right to request that we delete the personal information that we have collected from you and maintained, subject to certain exceptions. Please note that if you request deletion of your personal information, we may deny your request or may retain certain elements of your personal information if it is necessary for us or our service providers to:

• Complete the transaction for which the personal information was collected, provide a good or service requested by you, or reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform a contract between our business and you.

• Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity.

• Debug to identify and repair errors that impair existing intended functionality.

• Exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law.

• Comply with the California Electronic Communications Privacy Act pursuant to Chapter 3.6 (commencing with Section 1546) of Title 12 of Part 2 of the Penal Code.

• Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the deletion of the information is likely to render impossible or seriously impair the achievement of such research, if you have provided informed consent.

• To enable solely internal uses that are reasonably aligned with your expectations based on your relationship with us.

• Comply with a legal obligation.

• Otherwise use the personal information, internally, in a lawful manner that is compatible with the context in which you provided the information.

• Right to opt out of selling or sharing. At the time this Product Privacy Policy was last updated, we (1) SELL personal information; and (2) we SHARE personal information for the purpose of cross-context behavioral advertising. 

You have the right to opt out of the sale or sharing of your personal information, along with the right to opt in to the sale of such information. If we sell or share any of your personal information, you may, at any time, tell us not to sell or share your personal information. You can make this opt-out request by clicking here. 

We comply with opt-out requests by placing an "opt-out cookie" on your computer or device. Consequently, if you clear your Cookies on that computer or device, we will not be able to read our "opt-out cookie" and may resume collecting information from that computer or device for purposes of retargeting. Similarly, an opt-out request will not be effective on other browsers, computers, or devices you may use if you have not opted out while using that browser, computer, or device.

Please note Cookies are browser and device specific, so you must opt out on all of the browsers (e.g. Chrome, Safari) and devices (e.g. laptop, smartphones) you use.

• Right to correct. You have the right to request the correction of any personal information we maintain about you. 

• Right to limit use or disclosure of sensitive personal information (“SPI”). Please note that we do not currently use or disclose sensitive personal information (“SPI”) for any purposes that require disclosure or opt out under the California Consumer Privacy Laws as we understand those laws. You have the right to limit the use or disclosure of your SPI if we are using your SPI beyond what is reasonable and proportionate to provide the requested goods or services. 

• Right to nondiscrimination. You have the right not to receive discriminatory treatment by us for the exercise of your CCPA privacy rights. Unless permitted by the CCPA, we will not:

• Deny you goods or services.

• Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.

• Provide you a different level or quality of goods or services. 

• Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

How to Contact Us About Your California Privacy Rights

You can submit a request to access, delete, limit, or correct your personal information, in addition to withdrawing consent and requesting to opt-out, using the methods below.

• Calling us at +1-800-752-8901

• Emailing us at privacy@chicory.co 

Verification of Your Identity. After submitting a request, we will take steps to verify your identity in order for us to properly respond and/or confirm that it is not a fraudulent request. In order to verify your identity, we will request, at a minimum, that you provide your name, email address, phone number, address, and relationship to us, so that we can seek to match this information with the information existing in our systems. When providing us this information, you represent and affirm that all information provided is true and accurate. If we are unable to verify that the consumer submitting the request is the same individual about whom we have collected personal information, we may contact you for more information, or we may not be able to meet your request.

Only you, or an agent legally authorized to act on your behalf, may make a verifiable request related to your personal information. If you are making a request as the authorized agent of a California consumer, we will ask you also submit reliable proof that you have been authorized in writing by the consumer to act on such consumer’s behalf. Please note, we may deny a request from an authorized agent that does not submit proof that they have been authorized by you to act on your behalf. 

Our Response Time to Your Request

We will make every effort to respond to your request within forty-five (45) days from when you contacted us. If you have a complex request, the California Consumer Privacy Laws allow us up to ninety (90) days to respond. We will still contact you within forty-five (45) days from when you contacted us to let you know we need more time to respond.

Our Information Collection Practices 

• Personal Information We Collect

The California Consumer Privacy Laws define personal information as information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. Personal information does not include:

• Information that is lawfully made available from federal, state, or local government records;

• De-identified or aggregated information; and

• Information excluded from the California Consumer Privacy Laws such as health or medical information covered under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and financial information covered under the Fair Credit Reporting Act (“FCRA”) or Gramm-Leach Bliley Act (“GLBA”).

Information regarding our collection, use and disclosure of personal information are detailed in the general Product Privacy Policy that precedes this California Privacy Rights section. To help consumers make informed privacy decisions, the California Consumer Privacy Laws create and define categories of personal information, and our practices regarding personal information are organized below into the aforementioned categories. Please note that some types of personal information may apply to multiple categories. 

Within the previous twelve (12) months, we have collected the following categories of personal information: identifiers, internet or other network activity information, user behavior such as internet browsing behavior, and geolocation data. To find details about the specific data points Chicory collects, please see the “WHAT PERSONAL INFORMATION DO WE COLLECT AND USE?” section above, and for details on how we use and disclose that information, please see the “HOW DO WE USE YOUR PERSONAL INFORMATION?” section above, which describes the business purposes for which that information is used. 

Within the previous twelve (12) months, we have collected, disclosed, and, except where we act as a service provider, may sell or share the following categories of personal information for business or other commercial purposes to the following categories of recipients:

To find more details about the specific data points Chicory collects, please see the “WHAT PERSONAL INFORMATION DO WE COLLECT AND USE?” section above. For more details on how and to whom we disclose information see “SHARING OF YOUR PERSONAL INFORMATION” above.

For more details on how we use your information, please see the “HOW DO WE USE YOUR PERSONAL INFORMATION?” section above, which further describes the business and commercial purposes for which that information is used and disclosed, including the purposes for which the information is sold or shared. You can learn more about the sources from which we obtain personal information in the “WHAT PERSONAL INFORMATION DO WE COLLECT AND USE?” and “HOW DO WE COLLECT PERSONAL INFORMATION” sections above.  

As noted, you can find additional information pertinent to California consumers throughout the Product Privacy Policy sections above, including information concerning our data collection, use, and disclosure practices.

CALIFORNIA “SHINE THE LIGHT”

Under California Civil Code Section 1798.83 (“Shine the Light”), California residents have the right to request in writing from businesses with whom they have an established business relationship: (a) a list of the categories of personal information, as defined under Shine the Light, such as name, email address, and mailing address, and the type of services provided to the customer that a business has disclosed to third parties (including affiliates that are separate legal entities) during the immediately preceding calendar year for the third parties’ direct marketing purposes; and (b) the names and addresses of all such third parties. To request the above information, please contact us by email at privacy@chicory.co. If you do not want your personal information shared with any third party who may use such information for direct marketing purposes, then you may opt out of such disclosures by sending an email to us at privacy@chicory.co.